Sysadmin News

Many Bluetooth users only use the technology to connect a wireless headset or similar device to their portable computers, and they may wonder why security is a big deal. Implementing security, even for these types of device pairings, can prevent an unauthorized user from using the headset.

However, another use of Bluetooth is to create a temporary computer network. For example, several people in a meeting room can connect their Bluetooth-enabled laptops to each other to share files during the meeting.

When you use Bluetooth to create a temporary network, it is usually an ad hoc network; that is, computers communicate directly with each other rather than going through a wireless access point (WAP). This means you have no centralized point of security control, as you do with a WAP (for example, you can configure a WAP to use MAC address filtering and other built-in security mechanisms). Thus, security becomes a major concern because you can be exposing important data stored on your laptop to others on the Bluetooth network. Remember that the range for class 1 Bluetooth devices can be more than 300 feet – far enough so that in some locations, the BT equivalent of the wi-fi “war driver” may be able to establish a link with your computer even though not within your sight.

Another special concern is the security of Bluetooth mobile phones. These phones may have information stored on them such as the addresses and phone numbers of contacts, calendar information and other PDA-type data. Hacking into these phones using Bluetooth is called bluesnarfing. Newer mobile phones and software upgrades for older phones can patch this vulnerability.

A related hacking technique is called bluebugging, and it involves accessing the phone’s commands so that the hacker can actually make phone calls, add or delete contact info, or eavesdrop on the phone owner’s conversations. This vulnerability, too, is being addressed by phone manufacturers. Thus, if you own a BT-enabled phone, it’s important to keep the software updated or upgrade to the latest phone models frequently.

Bluetooth devices can also be targets of Denial of Service (DoS) attacks, typically by bombarding the device with requests to the point that it causes the battery to degrade.

Finally, there are “cell phone worms” such as Cabir that can use the Bluetooth technology to propagate to other BT devices. Cabir targets phones that use the Simbian OS.

The relatively short range of most Bluetooth devices helps to ameliorate the risk of most of these security issues. For example, to practice bluesnarfing or bluebugging against a BT phone, the hacker would typically need to be within about 10 meters (a little less than 33 feet) of the target phone.

Trackback URI | Comments RSS